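#!/bin/sh
# ipfw ruleset: flush the current rules, then load a stateful, default-deny set.
# Must run as root; every line below is handed straight to ipfw(8).
#
# Stop at the first rule that ipfw rejects (and on any unset variable) so a
# bad rule is noticed immediately instead of silently leaving a gap in the set.
set -eu

# First let's define the firewall command:
fwcmd="/sbin/ipfw"
readonly fwcmd

# Now let's flush the existing ipfw commands (you'll see that this command is
# gonna be useful in the future).
# NOTE: between this flush and rule 210 at the bottom, traffic is governed only
# by the kernel's default rule, so load this from the console (or with a
# fallback) rather than over a remote session you could lock yourself out of.
"$fwcmd" -f flush

# Ignore SYN, FIN, FRAG TCP packets
"$fwcmd" add 50 deny tcp from any to any in via any tcpflags syn,fin
"$fwcmd" add 60 deny ip from any to any in via any frag

# Allow ssh access in the local network, only if you need it
# NOTE(review): ipfw(8) accepts port specifications only for tcp/udp; a port on
# a proto-"ip" rule (here and in rule 80) may be rejected at load time — verify,
# and narrow the protocol (ssh is tcp) if so.
"$fwcmd" add 70 allow ip from 192.168.1.0/24 to 192.168.1.0/24 22

# Allow netbios access in the local network, only if you need it
"$fwcmd" add 80 allow ip from 192.168.1.0/24 to 192.168.1.0/24 135-137

# Divert all packets through the tunnel interface.
# Of course tun0 should be changed to eth0 if you're not on dial-up.
# Presumably natd(8) is expected to be listening on the "natd" divert port,
# otherwise diverted packets are simply dropped — confirm it is started first.
"$fwcmd" add 90 divert natd all from any to any via tun0

# Allow all connections that have dynamic rules built for them,
# but deny established connections that don't have a dynamic rule.
"$fwcmd" add 100 check-state
"$fwcmd" add 110 deny tcp from any to any established

# Allow all localhost connections
"$fwcmd" add 120 allow tcp from me to any out via lo0 setup keep-state
"$fwcmd" add 130 deny tcp from me to any out via lo0
"$fwcmd" add 140 allow ip from me to any out via lo0 keep-state

# Allow all connections from your network card (that should be initialised first)
"$fwcmd" add 150 allow tcp from me to any out xmit any setup keep-state
"$fwcmd" add 160 deny tcp from me to any
"$fwcmd" add 170 allow ip from me to any out xmit any keep-state

# Everyone on the Internet is allowed to connect to the following
# services on the machine.
# If you don't have a webserver or you don't want it to be open to the world
# remove "80". Port 21 is cleartext FTP: remove it as well unless an FTP
# server really has to be reachable from the Internet.
"$fwcmd" add 180 allow tcp from any to me dst-port 21,80 in recv any setup keep-state

# This sends a RESET to all ident packets.
"$fwcmd" add 190 reset log tcp from any to me 113 in recv any

# Enable ICMP: remove type 8 if you don't want your host to be pingable
"$fwcmd" add 200 allow icmp from any to any icmptypes 0,3,8,11,12,13,14

# Deny everything else.
# "log" here records every dropped packet; on a busy link keep
# net.inet.ip.fw.verbose_limit set so the log cannot be flooded.
"$fwcmd" add 210 deny log ip from any to any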